Attack your network to protect it

The best way to judge a network’s security is to try to break into it yourself. While the statement is simple and makes sense, its execution is just as difficult. For that, one must think like a hacker and use the same tools to break in. So, in this In Depth story we see how you can use commonly available hacking tools to do an acid test on your network’s security

	SNIFFER: ETTERCAP Sniffers for the baddies... Using ettercap to do a ‘Man in the Middle’ attack on your network FILE-INTEGRITY CHECKERS: GFI LANGUARD FOR WIN, TRIPWIRE FOR LIN Keep a Tab of Key System Files Using a system integrity-checking tool, you can easily detect attacks that modify important files on your system and take preventive measures VULNERABILTY-ASSESSMENT TOOL: NESSUS Attacking a Host Using Nessus to detect vulnerabilities in a Windows 2000 Server ENUMERATION TOOL: DUMPSEC Audit the Security of your Win NT/2000 Server Use DumpSec to verify your Win NT/2000 system’s security settings HONEYPOT: TINY HONEYPOT FOR LINUX Decoy Hackers HoneyPot is a decoy mechanism that traps hackers by working as a false server to attract hackers to itself

Identifying the right tools is the first step. Tools differ depending upon what you want to attack, which then is the next thing you must do. Identify the common points of attack, such as your firewall, Web server, mail server, or other critical systems open to the public. Also identify important systems on your internal network. One misconception people have about hacking is that it’s always done from outside a network. Someone sitting inside your network could very easily do it. This could be a disgruntled employee or a social engineer posing as a network administrator or consultant. This, in fact, is a greater threat than an outsider trying to break-in. Worse still, there are very powerful yet freely available hacking tools at this hacker’s disposal.

These can be categorized depending upon what they attack and the kind of data they collect. 

Network sniffers are the most common network-security tools. They capture live data from your network and can be used by network administrators to do network security auditing and penetration testing. Then there are vulnerability-assessment tools, which are more aggressive in nature. They attack your network to identify common vulnerabilities, and you can even use them to find whether the hacker is running similar tools on your network. 

There are also scanning and enumeration tools, which can scan networks and hosts and provide you with useful information.

File-integrity checkers are another lot, which can tell whether files on a host have been modified or not. 

In this story, we’ve covered the most popular hacking tools in the categories mentioned. 

We’ve covered how hackers would use these tools, followed by what you can do to detect them or protect your network from them. The information provided, therefore, is purely meant to help you strengthen your security, and should be used with care. We would not be responsible for any kind of damage caused due to these tools and the techniques we’ve explained. 

Lastly, remember that network-security testing must be an ongoing process and not just a one-time thing. New vulnerabilities are discovered everyday, and so are their patches. You must be quick enough to detect them on time and patch up your network.

Anil Chopra